The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

Line 9:

Line 9:

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

−

''' And you can now buy ZAP related gear in the, er, [http://www.cafepress.com/zaproxy ZAP Gear Store]!'''

+

''' Want to help us make ZAP even better for you? '''

+

+

''' Just fill in the ZAP User Questionnaire which is available in [https://docs.google.com/forms/d/1lUPTYHe9CS5tropNStoRK9jVeZ7tWRywhBHDIZjE4cA/viewform English], [https://docs.google.com/forms/d/1JhUdp4cxZ3qRayYWz3JHOLSP7DPdBI-zgnFzDWxbX5A/viewform French] and [https://docs.google.com/forms/d/1xAKE3TCOaBrmFnyAVUr6NdTd3mKvu7g_uGriOcS2Ka4/viewform Spanish]! '''

+

+

You can view the responses so far (which are separate for each languages) here: [https://docs.google.com/forms/d/1lUPTYHe9CS5tropNStoRK9jVeZ7tWRywhBHDIZjE4cA/viewanalytics English], [https://docs.google.com/forms/d/1JhUdp4cxZ3qRayYWz3JHOLSP7DPdBI-zgnFzDWxbX5A/viewanalytics French], [https://docs.google.com/forms/d/1xAKE3TCOaBrmFnyAVUr6NdTd3mKvu7g_uGriOcS2Ka4/viewanalytics Spanish]

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects.

+

+

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.

+

+

This talk will focus on the latest changes to ZAP and the plans for it’s future.

+

+

Due to the growing number of people working on ZAP, and the fact that there are 5 ZAP related Google Summer of Code 2013 projects, the content of the talk will be announced closer to the conference date.

+

+

+

</div>

= News =

= News =

[[Image:zap128x128.png|right]]

[[Image:zap128x128.png|right]]

−

<div style="font-size:142%;border:none;margin: 0;color:#000">

+

<div style="font-size:120%;border:none;margin: 0;color:#000">

'''Latest News:'''

'''Latest News:'''

+

* 2013/09/27 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases2_2_2 2.2.2] released

+

* 2013/09/11 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases2_2_0 2.2.0] released
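
Review bot: the added talk abstract has a grammar slip, "the plans for it’s future" should read "its future", and the added questionnaire paragraph says "separate for each languages" where "each language" is meant. The abstract also refers to "This talk" and "the conference date" without naming the talk or the conference anywhere in the visible lines, so on the project page it needs a heading or a link to the event it describes. The added `</div>` that follows the abstract has no opening `<div>` among the added lines; please confirm it pairs with an existing one, since the only `<div>` changed here is the "Latest News" one whose font-size goes from 142% to 120%.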

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.

This talk will focus on the latest changes to ZAP and the plans for its future.

Due to the growing number of people working on ZAP, and the fact that there are 5 ZAP related Google Summer of Code 2013 projects, the content of the talk will be announced closer to the conference date.

Release description: This release includes the following significant changes:

Fuzzing: Strings in a response can now be fuzzed to try to find vulnerabilities. Anti-CSRF tokens can be detected and automatically regenerated when fuzzing. This functionality is based on code from the OWASP JBroFuzz project.

Dynamic SSL certificates: The support for SSL connections was improved and simplified. Users can now create their own root certificate and distribute it to their HTTP clients.

Daemon mode: Starting ZAP with the "-daemon" command line option will cause it to run in the background in 'headless' mode, meaning that no UI is displayed.

API: An initial API has been implemented in XML, JSON and HTML.

Beanshell integration: The BeanShell is an interactive Java shell that can be used to execute BeanShell scripts. BeanShell integration in OWASP ZAP enables you to write scripts using the ZAP functions and data set.

Full internationalisation: All displayed strings are now fully internationalised.

Localisation: Out of the box support for the following languages: English, Brazilian Portuguese, Chinese, French, German, Greek, Indonesian, Japanese, Polish, Spanish